URL:
<https://savannah.gnu.org/bugs/?60458>
Summary: grub 2.06 reboots immediately when compiled with -O2 (bisected)
Project: GNU GRUB
Submitted by: cybertony
Submitted on: Mon 26 Apr 2021 06:38:14 PM UTC
Category: Booting
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Release: Git master
Discussion Lock: Any
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
When grub-2.06-rc1 is compiled with -O2 instead of the default -Os, it reboots
immediately instead of showing the menu, leading to an endless reboot loop. I
am using x86-64 legacy BIOS mode (no EFI) on a variety of motherboards and
CPUs. I have bisected the problem down to the following commit:
commit 4ea7bae51f97e49c84dc67ea30b466ca8633b9f6
Author: Chris Coulson <[email protected]>
Date: Thu Jan 7 19:21:03 2021 +0000
kern/parser: Fix a stack buffer overflow
grub_parser_split_cmdline() expands variable names present in the supplied
command line into their corresponding variable contents and uses a 1 kiB
stack buffer for temporary storage without sufficient bounds checking. If
the function is called with a command line that references a variable with
a sufficiently large payload, it is possible to overflow the stack
buffer via tab completion, corrupt the stack frame and potentially
control execution.
Fixes: CVE-2020-27749
Reported-by: Chris Coulson <[email protected]>
Signed-off-by: Chris Coulson <[email protected]>
Signed-off-by: Darren Kenny <[email protected]>
Reviewed-by: Daniel Kiper <[email protected]>
Reverting that commit fixes the problem.
I noticed this problem after upgrading to the just-released Yocto 3.3
Hardknott. Yocto has "-O2" in the default CFLAGS, which is how I encountered
this problem (I don't actually care about the grub optimization level). I
verified that the same problem exists if I compile grub 2.06-rc1 on Ubuntu
20.04 with CFLAGS="-O2" outside of Yocto. Although I can fix the problem by
telling Yocto to use -Os instead of -O2, I figured that this issue might point
to a bug in the code that is worth reporting and fixing.
Yocto 3.3 has gcc 10.2
Ubuntu 20.04 has gcc 9.3
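As an added illustration, not code from GRUB or from the commit quoted above: a simplified C model of the pattern the commit message describes, expanding $name references from a variable table into a fixed-size buffer such as the 1 kiB one mentioned, with every append bounds-checked so that an oversized variable value makes the whole expansion fail cleanly instead of running past the end of the buffer. struct var, lookup_var, append and expand_cmdline are hypothetical names, not GRUB's.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the GRUB environment (hypothetical type). */
struct var { const char *name; const char *value; };

static const char *lookup_var(const struct var *vars, size_t nvars,
                              const char *name, size_t len)
{
    for (size_t i = 0; i < nvars; i++)
        if (strlen(vars[i].name) == len && memcmp(vars[i].name, name, len) == 0)
            return vars[i].value;
    return NULL;               /* unknown variables expand to nothing */
}

/* Append n bytes to out[]; return 0 if they would not fit with the NUL. */
static int append(char *out, size_t cap, size_t *pos, const char *s, size_t n)
{
    if (n > cap - 1 - *pos)
        return 0;
    memcpy(out + *pos, s, n);
    *pos += n;
    return 1;
}

/* Expand $name references in cmdline into out (capacity cap). Returns 1 on
 * success, 0 on overflow; out is NUL-terminated, and left empty on failure. */
int expand_cmdline(const char *cmdline, const struct var *vars, size_t nvars,
                   char *out, size_t cap)
{
    size_t pos = 0;
    for (const char *p = cmdline; *p; ) {
        if (*p == '$') {                       /* variable reference */
            const char *start = ++p;
            while ((*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') ||
                   (*p >= '0' && *p <= '9') || *p == '_')
                p++;
            const char *val = lookup_var(vars, nvars, start, (size_t)(p - start));
            if (val && !append(out, cap, &pos, val, strlen(val)))
                goto overflow;
        } else if (!append(out, cap, &pos, p++, 1)) {   /* literal byte */
            goto overflow;
        }
    }
    out[pos] = '\0';
    return 1;
overflow:
    out[0] = '\0';
    return 0;
}
```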
_______________________________________________________